Using ssl with localhost with asp.net mvc 5 on VS2015

Question

I'm trying to test my website locally using SSL with IIS Express. It has the following properties set:

• SSL Enabled set to 'true'
• SSL URL is set https://localhost:44354/

But whenever I open the https address, I get the following error:

In "Microsoft Edge":

In Google Chrome:

I've read article after articles, including some on SO but to no avail. I've tried the following:

• I've deleted my IIS Express Development Certificate
• I've repaired IIS Express 10 via the Control Panel
• I've removed the localhost certificate I had created manually.
• I've added <binding protocol="https" bindingInformation="*:44354:localhost" /> to the bindings section the applicationhost.config
• I've stopped and restarted IIS Express.
• Some suggest to change the port to 443 but my SSL URL is read-only in .NET IDE.
• Some articles I've read:
  • Running IIS Express without Administrative Privileges
  • How do I fix a missing IIS Express SSL Certificate?
  • IIS Express — Getting SSL to Work
  • and many more...

Any help would be greatly appreciated.

Thanks.

Answer 1

I finally figured it out by following this article How to trust the IIS Express Self-Signed Certificate but a few additional steps:

1. Export IIS Express Development certificate to a local from. This certificate can be found in the Server Certificates section in IIS 10.0.

2. Open the Certificate console by calling mmc.exe certmgr.msc from File|Run.

3. Delete all instances of localhost under the Trusted Root Certification Authorities|Certificates.

4. Import the newly created certificate. You will get prompted with the following:

5. Once imported, I went back to Asp.Net MVC 5 project, recompile it and ran it. When I ran it, I got prompted with the following:

This is when I knew I was on the right track as this was the first time I had ever seen this prompt! Click Yes, and now this prompt appears:

And click Yes on this prompt as well. Your project will then launch the relevant browser.

Go to the https address defined in your .net project, in my instance, https://localhost:44354/, and you will now see the padlock displayed in the address bar to indicate that it is a secure site:

Most of these answers were already available in different answers provided on SO but the points that were missing or that I missed were that I had to export my IIS Express Development certificate, delete all localhost entries (which I had done) and then re-import this certificate. Once done, .NET detects the change and you get prompted accordingly.

Anyway, I hope this will help others.

Answer 2

Self signed certificates need to be trusted or browsers won't accept them. You can easily use Jexus Manager to configure that,

https://www.jexusmanager.com/en/latest/tutorials/self-signed.html#to-trust-self-signed-certificate

While if you prefer manually, you can import the certificates to the Trusted Root Certificate Authority store in Windows.

Learn more about SSL, certificates, stores and so on (Google each of them and learn them thoroughly), so that next time you really understand what is the culprit before trying so many irrelevant things.

Jexus Manager also has an SSLDiag feature to identify potential issues,

https://www.jexusmanager.com/en/latest/tutorials/ssl-diagnostics.html

But you need to know enough so as to interpret its output correctly.